1. Technical Field
The present invention relates generally to the field of digital communications, and more particularly to secure communication of passwords and other sensitive information across a network connection.
2. Description of Related Art
In a networked computer environment, users often interact with local application programs that exchange data with remote application programs on behalf of the user. When the remote application program controls resources of value, it is often the case that a user must gain access to the information through the use of a user name (or “userid”) and password used for verification and access control. Userids are considered, in most cases, to be public information, but passwords are for obvious reasons considered private, and attempts are made to keep them secret. To access remote information, a local application typically sends the userid and password combination to the remote application across a network.
Servers are often used in networks to control access to applications and other resources residing within the network. In such cases, servers manage the resources and data for which they are responsible and facilitate access to the resources and data by networked machines which log onto the network by way of the proper credentials.
It is also common for one or more network servers to be responsible for administering and limiting network access to clients for which valid account credentials have been provided during a network logon procedure. In this respect, the network server maintains a security database including account identification corresponding to users and services authorized to access the network and the protected network resources for which the network server enforces limited access.
For remote user authentication, some applications such as telnet and ftp send user credentials (i.e., userid and password) over public networks in the clear (i.e., unprotected). Generally, applications such as telnet and ftp that transmit this information are not considered secure if they transmit the information across untrusted networks. When the network is untrusted, the user's passwords are susceptible to exposure and monitoring by unauthorized parties if the information is sent in the clear. Such outside parties could then replay the information at some time in the future and gain access to the presumably protected resources.
Typical user authentication protocols for protecting passwords while traveling over public networks encrypt passwords with symmetric-key cryptosystems (such as DES, AES, RC5, etc.) or public-key cryptosystems (such as RSA, DSA, etc.). Encrypting passwords this way imposes additional overhead on the local and remote applications. Under such schemes, the sender and receiver of the password messages know the operative encryption and decryption schemes before communication. Often, the sender encrypts the message by applying an encryption scheme using a key. The receiver decrypts the message by using a corresponding decryption scheme and the corresponding key known by the receiver.
Some user authentication protocols use collision-resistant one-way hash functions to protect the secrecy of passwords when they are transmitted over public networks. Hash functions take an input string and apply a function to the input string to produce a hash value (or simply hash), also called a message digest. The hash or digest is substantially smaller than the text itself, and is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value. In fact, an ideal hash function has the property that reversing exactly one bit at a time in the input string causes seemingly random changes in all the bits in the output hash. The only way to attempt to get a given pattern as the hash value is to repeatedly try random input strings. If the hash value has 128 bits, then finding such an input by trying input strings, with no systematic search mechanism possible, would clearly be computationally impossible. For one-way hashes, it is also very unlikely that a listener on a public network will be able to reproduce the original input string from the digest.
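The one-bit-change property described above can be measured directly. The following is an added example, not part of the original text: it inverts each bit of a constructed sample message in turn and counts how many SHA-256 output bits differ; for a well-behaved hash each output bit changes with probability about one half. The sample message and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed sample input; any byte string works.
SAMPLE = b"userid=alice;password=correct horse"


def flip_bit(data: bytes, index: int) -> bytes:
    """Return a copy of data with bit `index` inverted (bit 0 = MSB of byte 0)."""
    out = bytearray(data)
    out[index // 8] ^= 0x80 >> (index % 8)
    return bytes(out)


def hamming(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche_profile(message: bytes, algo: str = "sha256") -> dict:
    """Invert every input bit once and record how far the digest moves."""
    base = hashlib.new(algo, message).digest()
    dists = [
        hamming(base, hashlib.new(algo, flip_bit(message, i)).digest())
        for i in range(len(message) * 8)
    ]
    bits = len(base) * 8
    return {
        "digest_bits": bits,
        "trials": len(dists),
        "min": min(dists),    # fewest output bits changed by any single flip
        "max": max(dists),    # most output bits changed by any single flip
        "mean_fraction": sum(dists) / (len(dists) * bits),
    }


if __name__ == "__main__":
    for name, value in avalanche_profile(SAMPLE).items():
        print(f"{name}: {value}")
```

The mean fraction sits near 0.5 and no single flip leaves the digest close to the original, which is why an observer cannot steer toward a target hash value by making small changes to the input.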
Hashes play a role in security systems where they're used to ensure that transmitted messages have not been tampered with. The sender generates a hash of the message, encrypts it, and sends it with the message itself. The recipient then decrypts both the message and the hash, produces another hash from the received message, and compares the two hashes. If they're the same, there is a very high probability that the message was transmitted intact. Thus, the integrity of the message can be strongly indicated using hash functions.
Hash functions are well suited for applications in which the receiving party does not need to know the input string corresponding to the output string in a received message. In this instance, the user's password is not sent across the network; only the hash of the password (in combination with some other values) is sent. Methods of using hash functions were not shown to be effective for password change until schemes to accomplish this were presented in “Method for Protecting Password Transmission,” Computers and Security, Vol. 19, No. 5, pages 466-469, 2000 (Peyravian, M., Zunic, N.), which is hereby incorporated by reference. These schemes do not use any symmetric-key or public-key cryptosystems. They only employ a collision-resistant hash function such as SHA. See, for example, “Secure Hash Standard,” FIPS PUB 180-2, August, 2002, National Institute of Standards and Technology, which is hereby incorporated by reference. These schemes, however, do not provide protection against the offline password-guessing attack (i.e., dictionary attack) or the denial of service attack. The offline password-guessing attack is an issue if users choose weak passwords, such as variations of common names.
Therefore, the present state of the art would benefit from a method of secure remote access that protects against dictionary and denial of service attacks while avoiding the need for public-key or symmetric-key cryptosystems.